13 Replies. Latest reply: Jan 2, 2014 8:25 AM by tony.g

    HDD ID- Oracle Commands (ALL)

    user7488327

      Dear All,

      I would like to develop a script in Oracle Forms which can read unique data such as the Hard Disk Drive ID and store it in the database, in order to increase the security level of my Oracle DB. If the whole database is copied from one Hard Disk Drive to another, then the program should automatically lock itself, as the new HDD ID will not match the previous one, and not let users use it anymore.

      I would be grateful if you could let me know how I can read the HDD ID with Oracle commands to build a script to protect my DB against unauthorized copying. I would be happy if you would also share with me any other ideas that I can use to protect my DB against being copied by someone else.

      Kind Regards,
      Dr. Meriç Yıldırım

        • 1. Re: HDD ID- Oracle Commands (ALL)
          HamidHelal

          First of all, try this. Simple one.

          Check this

          N.B.: Only works with Forms 6i

          For all versions of Forms, try this

          Hamid

           

           

          Message was edited by: HamidHelal

          • 2. Re: HDD ID- Oracle Commands (ALL)
            user7488327

            Dear Hamid,

             

            I thank you very much for your reply. I may install the application on Unix or Linux as well, so I prefer to develop something within Oracle. So I want to create a link between the hardware of the client's computer and Oracle Forms using purely Oracle commands. It doesn't have to be the HDD ID; any hardware info that links them to each other would do. I don't know whether we can do this or not, but do you have any opinion on how we can set this structure up?

             

            Kind Regards,

            Dr. Meriç Yıldırım

            • 3. Re: HDD ID- Oracle Commands (ALL)
              HamidHelal

              Hello Dr. Meriç Yıldırım


              The simplest way is to track the database ID. When you first install a database, it will generate a unique ID.

              So, when you first install your own schema, track this ID, store it in your schema, and check from Forms that the database ID matches your stored ID.

              If someone copies your schema and installs it in another database, the stored ID will not match that database.

              SELECT TO_CHAR(dbid)
              FROM v$database;

               

              Hope this helps


              Hamid

              • 4. Re: HDD ID- Oracle Commands (ALL)
                user7488327

                Hello Hamid,

                 

                Many thanks for your kind reply. This will protect the DB against the risk of reinstallation by unauthorized people, but it will not protect against a full image copy of the DB. That's why I would also like to set up protection against being copied by unauthorized people. Can we set up something similar at the Forms level? If we can, Forms will not run after copying even if the DB is a full image copy, so the program will be useless.

                 

                I would be grateful if you can share your opinions with me.

                 

                I thank you very much for your valuable time and support.

                 

                Kind Regards,

                Dr. Meriç Yıldırım

                • 5. Re: HDD ID- Oracle Commands (ALL)
                  HamidHelal

                  Hello Dr. Meriç Yıldırım,

                   

                  With my limited knowledge, I don't know of any way to do this with platform-independent code or an application. And Oracle maybe never thought of it.

                  Oracle application users have secured servers and have maintenance people. What you are thinking of is a very rare situation. You can go through this: "hardware - How can I retrieve a hard disk's unique ID using Java+JNI on Linux, Windows and Mac - Stack Overflow"

                   

                  Hope this helps

                   

                  Hamid

                  • 6. Re: HDD ID- Oracle Commands (ALL)
                    tony.g

                    Hello Dr. Meriç Yıldırım,

                     

                    It seems to me that you are putting your security in the wrong place.

                     

                    Surely it is the data in your database that is the thing you want to secure.  There are many tools that can access this data other than forms, so securing access to it in forms only slightly secures your data.

                     

                    Physical security to access the hardware that contains the data is the most important issue, then followed by electronic access to the server that contains the database.

                     

                    Just a few thoughts.

                     

                    Tony

                    • 7. Re: HDD ID- Oracle Commands (ALL)
                      Andreas Weiden

                      I'm also not sure what exactly you want to achieve. Do you want to prohibit someone copying your database? Or your application? Or both?

                      • 8. Re: HDD ID- Oracle Commands (ALL)
                        user7488327

                        Dear Andreas, Tony,

                         

                        I locked all users except the ones I authorized on the DB, so I don't have any hesitation that unauthorized people can get into the DB and access the data. I also used an encoding script for passwords, which prevents authorized users from logging in directly to the DB and accessing the data. Authorized users' passwords will only work when they use Forms, not for direct logins from SQL. My only hesitation is about protecting my DB and Forms against a full image copy to another computer, where they could run my program unofficially. This was actually my question. That's why I thought of putting security at the Forms level, so that the interface doesn't work when it is copied by unauthorized people. I would prefer to do this within Oracle tools instead of using a 3rd party OCX or any other tool.

                        I hope this time I have expressed exactly what I need to do.

                         

                        Dear Hamid,

                         

                        By the way, I thank you for your valuable help and documentation links. They were quite helpful.

                         

                        Kind Regards,

                        Dr. Meriç Yıldırım

                        • 9. Re: HDD ID- Oracle Commands (ALL)
                          Andreas Weiden

                          One idea from my side:

                           

                          What about using the MAC address of the network adapter of the database server? This should be readable using Java, and you could use a Java stored procedure to do so.

                          Some other thoughts:

                          What about the DBAs? They need access as SYS or a similarly privileged user to do administrative tasks like backup and recovery. How do you want to prevent your system from being modified by them? What if the customer changes his hardware?

                          • 10. Re: HDD ID- Oracle Commands (ALL)
                            user7488327

                            Dear Andreas,

                             

                            I granted the program users DBA and I developed a menu to take backups directly from the interface. The users who are authorized to take backups can do it without connecting directly as DBA. I don't have any hesitation about their DBA privileges, as their passwords are encrypted and they will not be able to log in directly to the DB. I mean their password in the interface and what the Oracle DB knows are different. Recovery will be done by ourselves when needed by the customer. The same will happen when hardware changes.

                             

                            Kind Regards,

                            Dr. Meriç Yıldırım

                            • 11. Re: HDD ID- Oracle Commands (ALL)
                              Andreas Weiden

                              Backup and recovery are only a few of the various tasks DBAs do in general (monitor tablespaces, add datatables, reorgs, configure, patching). I don't know what kind of company is intended to use your software, but if there is more than just your database to be administered, you might run into problems, because DBAs have their own tools to do these tasks (like Enterprise Manager) and all of these tools need some kind of direct DBA access to the database.

                              About your copy protection: If you want to do some check against hardware (like MAC address or HDD ID), this might be hard to do from Forms, as in general your Forms applications run on a different machine than your database. What about using information from V$DATABASE (as mentioned before), which also changes on cloning? This could be e.g. the creation date in combination with the DBID (see Database creation date after cloning.)
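The DBID plus creation date check suggested in reply 11, sketched in PL/SQL as an added example that is not part of the original thread or any poster's code. `app_owner`, `app_install_binding` and `db_binding` are hypothetical names, and the owning schema is assumed to hold a direct SELECT grant on `sys.v_$database`.

```sql
-- Added example; app_owner, app_install_binding and db_binding are hypothetical names.
-- Run once as a privileged user: stored PL/SQL needs a direct grant, not a role.
-- GRANT SELECT ON sys.v_$database TO app_owner;

CREATE TABLE app_install_binding (
  dbid        NUMBER NOT NULL,
  db_created  DATE   NOT NULL,
  bound_at    DATE   DEFAULT SYSDATE NOT NULL
);

CREATE OR REPLACE PACKAGE db_binding AS
  PROCEDURE bind_to_current_db;          -- call once at install time
  FUNCTION  is_bound_db RETURN VARCHAR2; -- 'Y' / 'N', callable from Forms
END db_binding;
/

CREATE OR REPLACE PACKAGE BODY db_binding AS

  PROCEDURE bind_to_current_db IS
    l_rows PLS_INTEGER;
  BEGIN
    -- Refuse to overwrite an existing binding.
    SELECT COUNT(*) INTO l_rows FROM app_install_binding;
    IF l_rows > 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'Installation is already bound');
    END IF;
    INSERT INTO app_install_binding (dbid, db_created)
      SELECT dbid, created FROM v$database;
    COMMIT;
  END bind_to_current_db;

  FUNCTION is_bound_db RETURN VARCHAR2 IS
    l_match PLS_INTEGER;
  BEGIN
    -- v$database has one row, so a count of 1 means the stored
    -- DBID and creation date both match the running database.
    SELECT COUNT(*)
      INTO l_match
      FROM app_install_binding b
      JOIN v$database d
        ON d.dbid = b.dbid
       AND d.created = b.db_created;
    RETURN CASE WHEN l_match = 1 THEN 'Y' ELSE 'N' END;
  END is_bound_db;

END db_binding;
/
```

A Forms startup trigger can call `db_binding.is_bound_db` and exit on 'N'. A file-level copy of the whole database keeps the same DBID, and any account with DBA rights can rewrite the binding row, so this works as a licensing tripwire, not as an access control.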

                              • 12. Re: HDD ID- Oracle Commands (ALL)
                                user7488327

                                Dear Andreas,

                                 

                                I used the V$DATABASE option when recommended by Hamid and it is quite helpful, but I was not aware that the creation date also changes when the DB is copied, so this would be an additional security level. Many thanks for your recommendation.

                                Regarding your comments about possible clients of the program, you are right in saying that if our DB is not the only one to be administered, then the current structure may create difficulty for DBA admins. In that case we will let DBAs use the SYS user for direct logins and administer the full database via their tools. We don't have any other option in that case.

                                 

                                I hereby thank all of you once again for your valuable time and support.

                                 

                                I wish a happy and healthy new year to you.

                                 

                                Kind Regards,

                                Dr. Meriç Yıldırım

                                • 13. Re: HDD ID- Oracle Commands (ALL)
                                  tony.g

                                  Hi

                                   

                                  Reading back through this thread, it suddenly struck me that maybe all of your questions are due to the fact that you have both the Database and the Forms all on a single PC.  Is this the case?

                                   

                                  Tony